Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple Infections


  • This topic is locked This topic is locked
41 replies to this topic

#1 pchallenged

pchallenged

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 14 May 2010 - 06:40 PM

Link to topic in AII which contains contextual information: http://www.bleepingcomputer.com/forums/t/316644/multiple-infections-unable-to-remove/ . ~ OB

Running Windows XP and Internet Explorer 8. Updates set to auto.

Think I have some of both malware programs still on this computer. I tried the prep guide and could not get DDS to run, just ended up with a bunch of garble in a notepad window.

So at the advice of Orange, I down loaded RSIT and ran it. Here is the log-

Logfile of random's system information tool 1.07 (written by random/random)
Run by at 2010-05-14 19:32:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (41%) free of 54 GB
Total RAM: 2047 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:32:26 PM, on 5/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\All Users\Application Data\doeR23dF.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Russell S. Givens\Desktop\RSIT.exe
C:\Program Files\trend micro\Russell S. Givens.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/vso9/d...mp;dtag=d2dyp61
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset .exe C:\Program Files\Dell\QuickSet\quickset.exe .exe C:\Program Files\Dell\QuickSet\quickset.exe .exe C:\Program Files\Dell\QuickSet\quickset.exe .exe C:\Program Files\Dell\QuickSet\quickset.exe .exe C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) -
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{01245001-41B5-4E43-A235-AA62BFED03B3}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B26E239F-072F-42B9-9B88-8054E0925CE9}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC3B091B-ECEB-4C78-B31F-571758007ED4}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{01245001-41B5-4E43-A235-AA62BFED03B3}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c994566da5bc10) (gupdate1c994566da5bc10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SlingAgentService - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13526 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At49.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At50.job
C:\WINDOWS\tasks\At51.job
C:\WINDOWS\tasks\At52.job
C:\WINDOWS\tasks\At53.job
C:\WINDOWS\tasks\At54.job
C:\WINDOWS\tasks\At55.job
C:\WINDOWS\tasks\At56.job
C:\WINDOWS\tasks\At57.job
C:\WINDOWS\tasks\At58.job
C:\WINDOWS\tasks\At59.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At60.job
C:\WINDOWS\tasks\At61.job
C:\WINDOWS\tasks\At62.job
C:\WINDOWS\tasks\At63.job
C:\WINDOWS\tasks\At64.job
C:\WINDOWS\tasks\At65.job
C:\WINDOWS\tasks\At66.job
C:\WINDOWS\tasks\At67.job
C:\WINDOWS\tasks\At68.job
C:\WINDOWS\tasks\At69.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At70.job
C:\WINDOWS\tasks\At71.job
C:\WINDOWS\tasks\At72.job
C:\WINDOWS\tasks\At73.job
C:\WINDOWS\tasks\At74.job
C:\WINDOWS\tasks\At75.job
C:\WINDOWS\tasks\At76.job
C:\WINDOWS\tasks\At77.job
C:\WINDOWS\tasks\At78.job
C:\WINDOWS\tasks\At79.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At80.job
C:\WINDOWS\tasks\At81.job
C:\WINDOWS\tasks\At82.job
C:\WINDOWS\tasks\At83.job
C:\WINDOWS\tasks\At84.job
C:\WINDOWS\tasks\At85.job
C:\WINDOWS\tasks\At86.job
C:\WINDOWS\tasks\At87.job
C:\WINDOWS\tasks\At88.job
C:\WINDOWS\tasks\At89.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At90.job
C:\WINDOWS\tasks\At91.job
C:\WINDOWS\tasks\At92.job
C:\WINDOWS\tasks\At93.job
C:\WINDOWS\tasks\At94.job
C:\WINDOWS\tasks\At95.job
C:\WINDOWS\tasks\At96.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-02 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-11-16 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-09-16 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-07 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-07 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-11-14 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe []
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset .exe [2004-09-27 610304]
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe []
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r []
"CTDVDDET"=C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE []
"CTSysVol"=C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe [2003-07-09 57344]
"UpdReg"=C:\WINDOWS\UpdReg.EXE []
"RemoteCenter"= []
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-11-16 127035]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe []
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-02-11 1218008]
"QuickTime Task"=C:\Program Files\QuickTime\qttask .exe [2005-01-25 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-04-30 35844]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-04-30 35844]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"= []
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2003-10-02 98304]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
BTTray.lnk - C:\Program Files\Dell\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-10-07 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoLogOff"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launch.exe"="C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launch.exe:*:Disabled:Jasc Paint Shop Photo Album 5 Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SYSTEM32\DPVSETUP.EXE"="C:\WINDOWS\SYSTEM32\DPVSETUP.EXE:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\WINDOWS\SYSTEM32\spoolsv.exe"="C:\WINDOWS\SYSTEM32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE"="C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Enabled:Microsoft Fax Console"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe"="C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe:*:Enabled:SlingPlayer"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-05-14 19:29:51 ----A---- C:\Documents and Settings\All Users\Application Data\doeR23dF.exe
2010-05-14 19:29:18 ----D---- C:\rsit
2010-05-14 19:29:18 ----D---- C:\Program Files\trend micro
2010-05-13 22:12:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-05-13 19:06:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-13 16:50:59 ----SHD---- C:\RECYCLER
2010-05-12 22:59:53 ----A---- C:\ComboFix.txt
2010-05-12 22:19:01 ----A---- C:\Boot.bak
2010-05-12 22:18:53 ----RASHD---- C:\cmdcons
2010-05-12 22:14:40 ----A---- C:\WINDOWS\zip.exe
2010-05-12 22:14:40 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-12 22:14:40 ----A---- C:\WINDOWS\SWSC.exe
2010-05-12 22:14:40 ----A---- C:\WINDOWS\SWREG.exe
2010-05-12 22:14:40 ----A---- C:\WINDOWS\sed.exe
2010-05-12 22:14:40 ----A---- C:\WINDOWS\PEV.exe
2010-05-12 22:14:40 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-12 22:14:40 ----A---- C:\WINDOWS\MBR.exe
2010-05-12 22:14:40 ----A---- C:\WINDOWS\grep.exe
2010-05-12 22:14:03 ----D---- C:\WINDOWS\ERDNT
2010-05-12 22:11:45 ----D---- C:\Qoobox
2010-05-02 10:39:50 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-02 10:39:25 ----D---- C:\Program Files\SUPERAntiSpyware
2010-05-02 10:39:25 ----D---- C:\Documents and Settings\Russell S. Givens\Application Data\SUPERAntiSpyware.com

======List of files/folders modified in the last 1 months======

2010-05-14 19:29:51 ----SD---- C:\WINDOWS\Tasks
2010-05-14 19:29:47 ----D---- C:\WINDOWS\Temp
2010-05-14 19:29:18 ----RD---- C:\Program Files
2010-05-14 19:22:46 ----D---- C:\WINDOWS
2010-05-14 19:22:40 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2010-05-14 19:22:20 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.92 Modem.txt
2010-05-13 22:13:20 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-13 22:12:02 ----D---- C:\Program Files\Common Files
2010-05-13 22:11:54 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-05-13 22:02:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-13 21:43:34 ----D---- C:\WINDOWS\system32\DRIVERS
2010-05-13 19:34:40 ----D---- C:\WINDOWS\SYSTEM32
2010-05-13 19:08:34 ----D---- C:\Config.Msi
2010-05-13 19:08:31 ----SHD---- C:\WINDOWS\Installer
2010-05-13 19:06:23 ----HD---- C:\WINDOWS\INF
2010-05-13 19:06:09 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-05-13 19:06:09 ----D---- C:\Program Files\Outlook Express
2010-05-12 22:48:57 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-12 22:46:49 ----A---- C:\WINDOWS\system.ini
2010-05-12 22:46:23 ----D---- C:\Program Files\QuickTime
2010-05-12 22:46:18 ----D---- C:\WINDOWS\Prefetch
2010-05-12 22:43:25 ----D---- C:\WINDOWS\system32\CONFIG
2010-05-12 22:39:52 ----D---- C:\WINDOWS\AppPatch
2010-05-12 22:19:02 ----RASH---- C:\BOOT.INI
2010-05-11 22:18:32 ----D---- C:\Program Files\Microsoft ActiveSync
2010-05-11 17:13:40 ----D---- C:\Program Files\Windows Media Player
2010-05-09 11:17:03 ----RSD---- C:\WINDOWS\Fonts
2010-05-09 08:32:41 ----D---- C:\TEMP
2010-05-08 21:46:30 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-08 09:42:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-05-08 00:59:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-08 00:50:47 ----D---- C:\WINDOWS\Minidump
2010-05-08 00:12:58 ----D---- C:\Program Files\McAfee
2010-05-02 21:35:54 ----D---- C:\WINDOWS\Help
2010-05-02 14:14:51 ----D---- C:\Tax01
2010-05-02 13:34:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-05-02 08:44:10 ----D---- C:\Program Files\Apoint
2010-05-01 10:42:09 ----D---- C:\WINDOWS\REPAIR
2010-04-30 22:50:02 ----D---- C:\WINDOWS\system32\FxsTmp
2010-04-30 14:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-21 16:36:06 ----D---- C:\Program Files\Quicken
2010-04-21 16:33:21 ----AC---- C:\WINDOWS\QUICKEN.INI
2010-04-15 19:02:12 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-06-30 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-09-16 214664]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-01-25 17056]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-11-16 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-11-16 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-11-16 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-11-16 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-11-16 86554]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-11-16 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-11-16 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-11-16 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-11-16 100603]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-08-06 104735]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-10-07 800768]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-09-26 44032]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-04-08 16896]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2004-04-08 30235]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2004-04-08 147864]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2004-04-08 43539]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-04-08 53336]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-09-16 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-09-16 35272]
R3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-09-16 34248]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2004-08-16 270136]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\DRIVERS\ctdvda2k.sys [2004-02-02 334880]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-11-24 130352]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 FTD2XX;Flashpaq FTD2XX.SYS FT8U2XX device driver; C:\WINDOWS\System32\Drivers\FTD2XX.sys [2005-12-15 34639]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-03-19 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-03-19 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-03-19 21568]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-09-16 40552]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-11-24 178672]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 sbusb;Sound Blaster USB Audio Driver; C:\WINDOWS\system32\DRIVERS\sbusb.sys [2003-12-12 911488]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-10-07 405504]
R2 btwdins;Bluetooth Service; C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe [2004-04-09 163840]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-07 153376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-12-05 206096]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-09-16 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-10-27 895696]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
R2 SlingAgentService;SlingAgentService; C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe [2009-04-27 93960]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-09-16 365072]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c994566da5bc10;Google Update Service (gupdate1c994566da5bc10); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-13 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-09-16 606736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Edited by Orange Blossom, 14 May 2010 - 06:45 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:05 PM

Posted 15 May 2010 - 10:29 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 pchallenged

pchallenged
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 15 May 2010 - 11:01 AM

Thanks for getting to me!

Here's the logs-

OTL logfile created on: 5/15/2010 11:49:48 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Russell S. Givens\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.50 Gb Total Space | 21.23 Gb Free Space | 40.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Russell S. Givens
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/15 11:47:57 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell S. Givens\Desktop\OTL.exe
PRC - [2010/02/18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched .exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/07 17:45:22 | 000,436,752 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe
PRC - [2009/05/07 23:30:22 | 000,192,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSM\McSmtFwk.exe
PRC - [2009/04/27 18:09:52 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2008/12/05 17:51:06 | 000,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/10/30 16:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/07 18:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 18:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 18:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 18:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/07 18:02:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 18:02:04 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/04/09 19:08:42 | 001,241,172 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Dell\Bluetooth Software\BTStackServer.exe
PRC - [2004/04/09 17:54:44 | 000,163,840 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
PRC - [2004/04/09 00:23:40 | 000,561,213 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Dell\Bluetooth Software\BTTray.exe
PRC - [2003/10/29 05:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/10/02 16:06:00 | 000,098,304 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2003/07/09 16:36:00 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe


========== Modules (SafeList) ==========

MOD - [2010/05/15 11:47:57 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell S. Givens\Desktop\OTL.exe
MOD - [2008/12/05 17:51:10 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2009/04/27 18:09:52 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2008/12/05 17:51:06 | 000,206,096 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/08/13 19:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/03/07 16:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/07 18:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 18:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 18:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 18:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2004/04/09 17:54:44 | 000,163,840 | ---- | M] (WIDCOMM, Inc.) [Auto | Running] -- C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - [2010/05/08 10:11:40 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 12:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 17:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/12/15 15:27:52 | 000,034,639 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\FTD2XX.sys -- (FTD2XX)
DRV - [2005/05/03 16:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 16:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 16:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\sabprocenum.sys -- (SABProcEnum)
DRV - [2004/12/01 03:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/11/16 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/11/16 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/11/16 01:05:00 | 000,086,554 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/11/16 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/11/16 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/11/16 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/11/16 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/11/16 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/11/16 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/10/21 17:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/07 00:13:38 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/31 10:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys -- (s24trans)
DRV - [2004/08/16 17:52:10 | 000,270,136 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\STAC97.sys -- (STAC97)
DRV - [2004/08/12 10:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\iwca.sys -- (IWCA)
DRV - [2004/08/06 16:32:44 | 000,104,735 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/30 12:39:36 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2004/04/08 23:48:22 | 000,016,896 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btaudio.sys -- (btaudio)
DRV - [2004/04/08 23:41:50 | 001,239,338 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/04/08 23:34:52 | 000,147,864 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - [2004/04/08 23:34:44 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btport.sys -- (BTDriver)
DRV - [2004/04/08 23:25:58 | 000,043,539 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwhid.sys -- (btwhid)
DRV - [2004/04/08 23:25:00 | 000,053,336 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\btwusb.sys -- (BTWUSB)
DRV - [2004/02/13 12:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2004/02/02 23:58:36 | 000,334,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/12/12 05:28:36 | 000,911,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sbusb.sys -- (sbusb)
DRV - [2003/11/24 04:45:52 | 000,130,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/11/24 04:44:26 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/09/26 12:41:10 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/03/05 14:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-250467255-3334006233-3489905788-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-250467255-3334006233-3489905788-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-250467255-3334006233-3489905788-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/chsi.html
IE - HKU\S-1-5-21-250467255-3334006233-3489905788-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-250467255-3334006233-3489905788-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/02 22:43:16 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/05/14 21:58:11 | 000,000,055 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.168.0.4 HP00215A9F4C99
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKU\S-1-5-21-250467255-3334006233-3489905788-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ()
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE File not found
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset .exe ()
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe File not found
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe File not found
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask .exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [RemoteCenter] File not found
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe File not found
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE File not found
O4 - HKU\S-1-5-21-250467255-3334006233-3489905788-1006..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-250467255-3334006233-3489905788-1006..\Run: [RemoteControl] File not found
O4 - HKU\S-1-5-21-250467255-3334006233-3489905788-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKU\S-1-5-21-250467255-3334006233-3489905788-1006..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Dell\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-250467255-3334006233-3489905788-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-250467255-3334006233-3489905788-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-250467255-3334006233-3489905788-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-250467255-3334006233-3489905788-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-250467255-3334006233-3489905788-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .avi - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll (Apple Computer, Inc.)
O12 - Plugin for: .mpeg - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll (Apple Computer, Inc.)
O12 - Plugin for: .mpg - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll (Apple Computer, Inc.)
O15 - HKU\S-1-5-21-250467255-3334006233-3489905788-1006\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\SYSTEM32\BTXPPanel.dll (WIDCOMM, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Russell S. Givens\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Russell S. Givens\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2006/04/16 07:53:47 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/15 11:47:55 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Russell S. Givens\Desktop\OTL.exe
[2010/05/14 19:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/05/14 19:29:18 | 000,000,000 | ---D | C] -- C:\rsit
[2010/05/13 22:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/13 16:50:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/12 22:18:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/12 22:14:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/12 22:14:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/12 22:14:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/12 22:14:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/12 22:14:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/12 22:11:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/12 21:31:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell S. Givens\Desktop\ProcessExplorer
[2010/05/09 20:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell S. Givens\Desktop\HostsXpert
[2010/05/08 00:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\cjsmojtsh
[2010/05/08 00:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/02 10:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/05/02 10:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell S. Givens\Application Data\SUPERAntiSpyware.com
[2010/05/02 10:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/30 15:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/30 15:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2005/02/02 20:57:40 | 000,059,392 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1980/01/01 02:00:00 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/15 11:47:57 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell S. Givens\Desktop\OTL.exe
[2010/05/15 11:44:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At168.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At167.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At166.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At165.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At164.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At163.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At162.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At161.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At160.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At159.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At158.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At157.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At156.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At155.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At154.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At153.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At152.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At151.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At150.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At149.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At148.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At147.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At146.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At145.job
[2010/05/15 10:00:03 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/05/15 10:00:03 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/05/15 10:00:03 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/05/15 10:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At131.job
[2010/05/15 10:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/05/15 10:00:02 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/05/15 09:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/05/15 09:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/05/15 09:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/05/15 09:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At130.job
[2010/05/15 09:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/05/15 09:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At144.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At143.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At142.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At141.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At140.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At139.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At138.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At137.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At136.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At135.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At134.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At133.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At132.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At129.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At128.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At127.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At126.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At125.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At124.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At123.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At122.job
[2010/05/15 08:14:37 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At121.job
[2010/05/14 22:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/05/14 22:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/05/14 22:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/05/14 22:00:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/05/14 22:00:03 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/05/14 21:58:11 | 000,000,055 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/05/14 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/05/14 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/05/14 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/05/14 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/05/14 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/05/14 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/05/14 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/05/14 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/05/14 19:29:52 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/05/14 19:29:00 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\Russell S. Givens\Desktop\RSIT.exe
[2010/05/14 19:22:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/14 19:21:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/14 19:21:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/14 19:21:38 | 2146,742,272 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/14 06:12:36 | 000,028,665 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/14 06:12:33 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\Russell S. Givens\NTUSER.DAT
[2010/05/14 06:12:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Russell S. Givens\NTUSER.INI
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/05/13 21:43:04 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/05/13 21:42:22 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Russell S. Givens\Desktop\dds.scr
[2010/05/13 21:11:38 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Russell S. Givens\defogger_reenable
[2010/05/13 21:11:12 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Russell S. Givens\Desktop\Defogger.exe
[2010/05/13 19:39:53 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/05/13 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/05/13 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/05/13 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/05/13 16:40:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/05/13 16:40:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/05/13 16:40:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/05/13 16:40:34 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/12 22:46:49 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/12 22:19:02 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/05/12 22:10:30 | 003,686,869 | R--- | M] () -- C:\Documents and Settings\Russell S. Givens\Desktop\ComboFix.exe
[2010/05/11 06:23:39 | 005,665,296 | -H-- | M] () -- C:\Documents and Settings\Russell S. Givens\Local Settings\Application Data\IconCache.db
[2010/05/09 19:34:37 | 000,233,576 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/08 00:20:56 | 000,061,130 | ---- | M] () -- C:\debug
[2010/05/02 10:39:41 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/02 10:38:01 | 008,050,208 | ---- | M] () -- C:\Documents and Settings\Russell S. Givens\Desktop\SUPERAntiSpyware.exe
[2010/05/02 10:22:34 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Russell S. Givens\Desktop\rkill.com
[2010/04/29 22:10:59 | 000,075,555 | ---- | M] () -- C:\Documents and Settings\Russell S. Givens\My Documents\image001.jpg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 21:18:15 | 000,392,328 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100508-153558.backup
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 21:59:56 | 000,391,968 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100428-211815.backup
[2010/04/25 06:31:19 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/21 16:33:21 | 000,000,165 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/04/18 16:59:27 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/04/16 21:04:52 | 000,391,210 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20100425-215955.backup
[2010/04/15 19:02:13 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/04/15 19:02:12 | 000,528,202 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/15 19:02:12 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At168.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At167.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At166.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At165.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At164.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At163.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At162.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At161.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At160.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At159.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At158.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At157.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At156.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At155.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At154.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At153.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At152.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At151.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At150.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At149.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At148.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At147.job
[2010/05/15 10:17:30 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At146.job
[2010/05/15 10:17:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At145.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At144.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At143.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At142.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At141.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At140.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At139.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At138.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At137.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At136.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At135.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At134.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At133.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At132.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At131.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At130.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At129.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At128.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At127.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At126.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At125.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At124.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At123.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At122.job
[2010/05/15 08:14:36 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At121.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/05/14 21:32:57 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/05/14 21:32:56 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/05/14 19:29:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/05/14 19:28:53 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\Russell S. Givens\Desktop\RSIT.exe
[2010/05/14 19:21:38 | 2146,742,272 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/05/13 21:43:03 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/05/13 21:13:12 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Russell S. Givens\Desktop\dds.scr
[2010/05/13 21:11:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Russell S. Givens\defogger_reenable
[2010/05/13 21:11:11 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Russell S. Givens\Desktop\Defogger.exe
[2010/05/13 19:39:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/05/13 19:39:51 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/05/13 19:39:50 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/05/13 16:40:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/05/12 22:19:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/12 22:18:56 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/12 22:14:40 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/12 22:14:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/12 22:14:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/12 22:14:40 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/12 22:14:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/12 22:10:17 | 003,686,869 | R--- | C] () -- C:\Documents and Settings\Russell S. Givens\Desktop\ComboFix.exe
[2010/05/08 00:20:56 | 000,061,130 | ---- | C] () -- C:\debug
[2010/05/02 10:39:41 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/02 10:38:01 | 008,050,208 | ---- | C] () -- C:\Documents and Settings\Russell S. Givens\Desktop\SUPERAntiSpyware.exe
[2010/05/02 10:22:20 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Russell S. Givens\Desktop\rkill.com
[2010/04/30 22:00:59 | 000,075,555 | ---- | C] () -- C:\Documents and Settings\Russell S. Givens\My Documents\image001.jpg
[2010/04/18 16:59:27 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/12 20:37:17 | 000,000,890 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/07/06 22:47:53 | 000,000,163 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/07/06 21:22:33 | 000,000,955 | ---- | C] () -- C:\WINDOWS\wsnk.ini
[2008/07/06 20:40:29 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/02/12 22:02:30 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/09/16 08:40:44 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2006/09/16 08:40:26 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2006/05/18 23:24:36 | 000,000,089 | ---- | C] () -- C:\WINDOWS\System32\FTD2XXUN.ini
[2005/03/13 13:19:37 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2005/02/11 23:03:11 | 000,000,450 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/02/06 12:38:36 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini
[2005/02/02 20:58:41 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/02/02 20:57:28 | 000,005,981 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2005/02/02 20:53:40 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/01/31 22:41:27 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/01/25 08:05:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/25 07:56:04 | 000,000,262 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/25 07:50:48 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/01/25 07:13:20 | 000,000,517 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/10/26 18:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/09/15 23:49:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 10:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/11 19:25:56 | 000,000,833 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/04/09 00:03:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/16 01:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 20:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/18 17:50:28 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll
[1980/01/01 02:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/13 11:38:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/09/13 11:38:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/13 11:38:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/09/13 11:38:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys
< End of report >


OTL Extras logfile created on: 5/15/2010 11:49:48 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Russell S. Givens\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.50 Gb Total Space | 21.23 Gb Free Space | 40.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Russell S. Givens
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- File not found
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launch.exe" = C:\Program Files\Dell Inc\Dell Picture Studio v3.0\launch.exe:*:Disabled:Jasc Paint Shop Photo Album 5 Application -- (Jasc Software)
"C:\WINDOWS\SYSTEM32\DPVSETUP.EXE" = C:\WINDOWS\SYSTEM32\DPVSETUP.EXE:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE" = C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe" = C:\Program Files\Sling Media\SlingPlayer\SlingPlayer.exe:*:Enabled:SlingPlayer -- (Sling Media Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{138BD312-3557-40F8-BC5E-6DFF00A6880D}" = BPDSoftware_Ini
"{17E81C48-407E-499f-A105-1B49ACDB9BA4}" = ProductContext
"{18CC6334-7ED1-44e8-AA25-A0B1B5E56B8E}" = L7700
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{392D84D0-EAA2-012B-ADD8-000000000000}" = TurboTax 2009 wlaiper
"{3B8186F0-EAA2-012B-AE69-000000000000}" = TurboTax 2009 wnyiper
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE80E7B-6633-4046-9C15-D3B281C4F73D}" = BPDSoftware
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5783F2D7-0109-0409-0000-0060B0CE6BBA}" = AutoCAD LT 2002
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{64E8AED8-A461-4CC5-92AF-5B6EF867A911}" = SuperchipsUpdate
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6DE9751D-3FFE-400E-8761-26A92DB734DE}" = BPD_HPSU
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7729A02E-D1AD-4830-8FC5-11853500D90D}" = HP Officejet Pro All-In-One Series
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C045626-4496-4238-B3B8-394CC6D46427}" = 7500_7600_7700_Help
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Dell Bluetooth Software
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D48AD533-BAD5-469B-A9AA-272C6D80E70B}" = MPM
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3BE471-773C-11D7-AB2D-0090271A23A2}" = USB Sound Blaster Audigy 2 NX
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"741061E49314785336CEAF4196481C7E3909482D" = Windows Driver Package - Superchips (FTD2XX) USB (12/01/2005 3.01.02)
"9E7CC5B61905F067350816919F53936B5087164B" = Windows Driver Package - Superchips (FTD2XX) USB (12/01/2005 3.01.02)
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AnswerWorks" = AnswerWorks Runtime
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"E7E5BE06A7D59D8FAAAE05F5712A10D09AE0F096" = Windows Driver Package - FTDI (FTD2XX) USB (12/01/2005 3.01.02)
"FTD2XX" = FTDI FTD2XX USB Drivers
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"hp print screen utility" = hp print screen utility
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel® PROSet/Wireless Software
"Quicken WillMaker Plus 2010" = Quicken WillMaker Plus 2010
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SysInfo" = Creative System Information
"TurboTax 2009" = TurboTax 2009
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Volo View Express" = Volo View Express
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2010 9:49:34 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/15/2010 9:52:34 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/15/2010 9:52:34 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/15/2010 9:55:34 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/15/2010 9:55:34 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/15/2010 9:58:34 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/15/2010 9:58:34 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/15/2010 11:10:01 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 5/15/2010 11:10:01 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 5/15/2010 11:12:01 AM | Computer Name = LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 5/13/2010 10:12:04 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 5/13/2010 10:12:28 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 5/13/2010 10:12:57 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 5/14/2010 6:12:32 AM | Computer Name = LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/14/2010 7:22:40 PM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 5/14/2010 9:02:02 PM | Computer Name = LAPTOP | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 5/15/2010 8:07:14 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Net Driver HPZ12 service
to connect.

Error - 5/15/2010 8:07:16 AM | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = The Net Driver HPZ12 service failed to start due to the following
error: %%1053

Error - 5/15/2010 8:08:14 AM | Computer Name = LAPTOP | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 5/15/2010 8:08:14 AM | Computer Name = LAPTOP | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:05 PM

Posted 15 May 2010 - 11:26 AM

Hi,

please try to run a scan with gmer next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 pchallenged

pchallenged
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 15 May 2010 - 12:16 PM

ok struggling here. working off my ps3 and phone. seems antivrussoft has come back witha vengance. it wont let me use explorer, so i downloaded gmer to my phone and transfered it to the computer that way. i booted into safe mode and ran gmer. it does the initial scan, but perhaps because of the screen resolution, icant see or get to the scan button. would it be ok to run mbam just toget enough control back to run in normal mode?

#6 pchallenged

pchallenged
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 15 May 2010 - 12:39 PM

found the autostart tab and the scan button there. is that what youre talking about? if so, how do i generate the log file from there?

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:05 PM

Posted 15 May 2010 - 04:59 PM

Hi,
QUOTE
would it be ok to run mbam just toget enough control back to run in normal mode?


yes please try to do that. If that doesn't work, please uncheck everything except sections and try to run a scan like this.

regards myrti

Edited by myrti, 15 May 2010 - 05:00 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 pchallenged

pchallenged
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 16 May 2010 - 07:38 AM

Ok, finally....

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-16 08:20:27
Windows 5.1.2600 Service Pack 3
Running: z8hl7j0w.exe; Driver: C:\DOCUME~1\RUSSEL~1.GIV\LOCALS~1\Temp\uxtdapow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xACB7778A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xACB77738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xACB7774C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xACB777CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xACB77710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xACB77724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xACB7779E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xACB77776]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xACB77762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xACB777F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xACB777E0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xACB777B4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP ACB777B8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CF98 5 Bytes JMP ACB7778E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DDD9 5 Bytes JMP ACB77766 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805719AC 5 Bytes JMP ACB77714 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571E96 7 Bytes JMP ACB777A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805738C6 5 Bytes JMP ACB777E4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573D41 7 Bytes JMP ACB777CE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP ACB77750 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805824CC 5 Bytes JMP ACB777FD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058E5C4 5 Bytes JMP ACB77728 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B14AC 5 Bytes JMP ACB7773C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062E057 5 Bytes JMP ACB7777A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[432] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[432] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00940000
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0094007D
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0094006C
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00940F92
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0094005B
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00940FC0
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009400C9
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00940F77
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00940110
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009400F5
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00940F5C
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00940FAF
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0094001B
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00940098
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00940036
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00940FE5
.text C:\WINDOWS\System32\svchost.exe[792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009400DA
.text C:\WINDOWS\System32\svchost.exe[792] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0093001B
.text C:\WINDOWS\System32\svchost.exe[792] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930051
.text C:\WINDOWS\System32\svchost.exe[792] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FD4
.text C:\WINDOWS\System32\svchost.exe[792] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[792] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930F94
.text C:\WINDOWS\System32\svchost.exe[792] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\System32\svchost.exe[792] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930036
.text C:\WINDOWS\System32\svchost.exe[792] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FAF
.text C:\WINDOWS\System32\svchost.exe[792] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920FA1
.text C:\WINDOWS\System32\svchost.exe[792] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FB2
.text C:\WINDOWS\System32\svchost.exe[792] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FD7
.text C:\WINDOWS\System32\svchost.exe[792] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[792] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0092002C
.text C:\WINDOWS\System32\svchost.exe[792] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920011
.text C:\WINDOWS\System32\svchost.exe[792] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900000
.text C:\WINDOWS\System32\svchost.exe[792] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00900FE5
.text C:\WINDOWS\System32\svchost.exe[792] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900FD4
.text C:\WINDOWS\System32\svchost.exe[792] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0090001B
.text C:\WINDOWS\System32\svchost.exe[792] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FE5
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00940000
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00940062
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0094003D
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00940F6F
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00940F80
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00940FA5
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00940F41
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0094007D
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009400D0
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009400B5
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009400EB
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0094002C
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00940FE5
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00940F52
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0094001B
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00940FD4
.text C:\WINDOWS\System32\svchost.exe[872] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0094009A
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FC0
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930F8A
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FD1
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930011
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930047
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930000
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0093002C
.text C:\WINDOWS\System32\svchost.exe[872] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FA5
.text C:\WINDOWS\System32\svchost.exe[872] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920027
.text C:\WINDOWS\System32\svchost.exe[872] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920F92
.text C:\WINDOWS\System32\svchost.exe[872] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FC8
.text C:\WINDOWS\System32\svchost.exe[872] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[872] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FAD
.text C:\WINDOWS\System32\svchost.exe[872] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FE3
.text C:\WINDOWS\System32\svchost.exe[872] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900000
.text C:\WINDOWS\System32\svchost.exe[872] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0090001B
.text C:\WINDOWS\System32\svchost.exe[872] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00900FEF
.text C:\WINDOWS\System32\svchost.exe[872] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00900036
.text C:\WINDOWS\System32\svchost.exe[872] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910000
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC0000
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CC0050
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CC0F5B
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CC0F76
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CC0F87
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CC0022
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CC007C
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CC0061
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CC0EED
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CC0F08
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CC00A1
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CC0033
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CC0011
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CC0F40
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CC0FC0
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CC0FDB
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CC0F19
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BC0040
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BC0025
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BC0087
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BC006C
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BC0051
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BB0053
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BB0FC8
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BB001D
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BB000C
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BB0038
.text C:\WINDOWS\system32\svchost.exe[920] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BB0FE3
.text C:\WINDOWS\system32\svchost.exe[920] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[920] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00B90FD4
.text C:\WINDOWS\system32\svchost.exe[920] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\svchost.exe[920] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00B9001B
.text C:\WINDOWS\system32\svchost.exe[920] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012C0000
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 012C00B8
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 012C009D
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 012C0FC3
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 012C0FD4
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 012C0051
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 012C00F5
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 012C00E4
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012C0121
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012C0110
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 012C0132
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 012C0076
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 012C001B
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 012C00C9
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 012C0FE5
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 012C002C
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 012C0F92
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 012B0FCA
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 012B0076
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 012B001B
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 012B0FDB
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 012B0FAF
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 012B0000
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 012B0051
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 012B0036
.text C:\WINDOWS\system32\services.exe[1084] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 012A0042
.text C:\WINDOWS\system32\services.exe[1084] msvcrt.dll!system 77C293C7 5 Bytes JMP 012A0027
.text C:\WINDOWS\system32\services.exe[1084] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 012A000C
.text C:\WINDOWS\system32\services.exe[1084] msvcrt.dll!_open 77C2F566 5 Bytes JMP 012A0FEF
.text C:\WINDOWS\system32\services.exe[1084] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 012A0FC1
.text C:\WINDOWS\system32\services.exe[1084] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 012A0FD2
.text C:\WINDOWS\system32\services.exe[1084] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FE0FE5
.text C:\WINDOWS\system32\services.exe[1084] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\services.exe[1084] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FE0FC0
.text C:\WINDOWS\system32\services.exe[1084] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FE0FAF
.text C:\WINDOWS\system32\services.exe[1084] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01010FEF
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01010F5C
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0101005B
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01010F8D
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01010F9E
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01010025
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01010093
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0101006C
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01010F04
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01010F15
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01010EF3
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01010040
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01010FD4
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01010F41
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01010FB9
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01010000
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01010F30
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF0025
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF0062
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0FD4
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF0F9B
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FF0047
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF0036
.text C:\WINDOWS\system32\lsass.exe[1096] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0F9A
.text C:\WINDOWS\system32\lsass.exe[1096] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0025
.text C:\WINDOWS\system32\lsass.exe[1096] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0FC6
.text C:\WINDOWS\system32\lsass.exe[1096] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\lsass.exe[1096] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE0FB5
.text C:\WINDOWS\system32\lsass.exe[1096] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\lsass.exe[1096] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\system32\lsass.exe[1096] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\lsass.exe[1096] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00CD0FDE
.text C:\WINDOWS\system32\lsass.exe[1096] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00CD0FCD
.text C:\WINDOWS\system32\lsass.exe[1096] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00CD0FBC
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02520FEF
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02520F99
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0252008E
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02520073
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02520058
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0252003D
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02520F46
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02520F57
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025200CE
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025200B3
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025200E9
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02520FB6
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0252000A
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02520F7E
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0252002C
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0252001B
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02520F35
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 024D0FB9
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 024D0F94
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 024D000A
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 024D0FD4
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 024D0051
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 024D0FEF
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 024D0040
.text C:\WINDOWS\system32\svchost.exe[1284] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 024D002F
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 024C0055
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!system 77C293C7 5 Bytes JMP 024C0FD4
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 024C0FEF
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_open 77C2F566 5 Bytes JMP 024C000C
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 024C0044
.text C:\WINDOWS\system32\svchost.exe[1284] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 024C001D
.text C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 024A0000
.text C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 024A0025
.text C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 024A0FEF
.text C:\WINDOWS\system32\svchost.exe[1284] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 024A0FD4
.text C:\WINDOWS\system32\svchost.exe[1284] WS2_32.dll!socket 71AB4211 5 Bytes JMP 024B0FEF
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70F88
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70F99
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70FC0
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70FD1
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F7004E
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F70F6D
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F700A9
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F700DA
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F70F41
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F700F5
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70069
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F70011
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70098
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F7003D
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F70022
.text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70F52
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F10FB9
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F10F6F
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F10FCA
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F1000A
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F10F8A
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F10FE5
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F1002C
.text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F1001B
.text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F00051
.text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F0002C
.text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F00FC6
.text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F0001B
.text C:\WINDOWS\system32\svchost.exe[1364] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00EE0FEF
.text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00EE0FCA
.text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00EE0FB9
.text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00EE0FA8
.text C:\WINDOWS\system32\svchost.exe[1364] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00EF0FE5
.text C:\WINDOWS\System32\svchost.exe[1404] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[1404] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[1404] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1404] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03770000
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03770F63
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03770062
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03770F94
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03770FA5
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0377003D
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03770F2B
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03770F3C
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03770EE4
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03770EF5
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03770098
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03770FB6
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03770011
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03770073
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03770FDB
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0377002C
.text C:\WINDOWS\System32\svchost.exe[1404] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03770F06
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 035F0FCA
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 035F0F94
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 035F001B
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 035F0FE5
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 035F0047
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 035F0000
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 035F0FA5
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [7F, 8B] {JG 0xffffffffffffff8d}
.text C:\WINDOWS\System32\svchost.exe[1404] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 035F002C
.text C:\WINDOWS\System32\svchost.exe[1404] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0275000A
.text C:\WINDOWS\System32\svchost.exe[1404] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 035E0F95
.text C:\WINDOWS\System32\svchost.exe[1404] msvcrt.dll!system 77C293C7 5 Bytes JMP 035E0FB0
.text C:\WINDOWS\System32\svchost.exe[1404] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 035E0FD2
.text C:\WINDOWS\System32\svchost.exe[1404] msvcrt.dll!_open 77C2F566 5 Bytes JMP 035E0000
.text C:\WINDOWS\System32\svchost.exe[1404] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 035E0FC1
.text C:\WINDOWS\System32\svchost.exe[1404] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 035E0FE3
.text C:\WINDOWS\System32\svchost.exe[1404] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 03110FE5
.text C:\WINDOWS\System32\svchost.exe[1404] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 03110FD4
.text C:\WINDOWS\System32\svchost.exe[1404] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 03110FAF
.text C:\WINDOWS\System32\svchost.exe[1404] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 03110F9E
.text C:\WINDOWS\System32\svchost.exe[1404] WS2_32.dll!socket 71AB4211 5 Bytes JMP 035D0FE5
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FF0FEF
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FF0F76
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FF006B
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FF004E
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FF003D
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FF001B
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FF0F4F
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FF00A1
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FF0F2D
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FF00C6
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FF0F12
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FF002C
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FF0086
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FF0FAF
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FF0000
.text C:\WINDOWS\System32\svchost.exe[1680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FF0F3E
.text C:\WINDOWS\System32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FE0F9E
.text C:\WINDOWS\System32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FE0F68
.text C:\WINDOWS\System32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FE0FB9
.text C:\WINDOWS\System32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FE0FCA
.text C:\WINDOWS\System32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FE0F83
.text C:\WINDOWS\System32\svchost.exe[1680] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\System32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FE001B
.text C:\WINDOWS\System32\svchost.exe[1680] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FE000A
.text C:\WINDOWS\System32\svchost.exe[1680] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FD0F9A
.text C:\WINDOWS\System32\svchost.exe[1680] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FD0FAB
.text C:\WINDOWS\System32\svchost.exe[1680] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FD0FCD
.text C:\WINDOWS\System32\svchost.exe[1680] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FD0000
.text C:\WINDOWS\System32\svchost.exe[1680] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FD0FBC
.text C:\WINDOWS\System32\svchost.exe[1680] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FD0011
.text C:\WINDOWS\System32\svchost.exe[1680] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\System32\svchost.exe[1680] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 001A000A
.text C:\WINDOWS\System32\svchost.exe[1680] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\System32\svchost.exe[1680] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 001A0025
.text C:\WINDOWS\System32\svchost.exe[1680] WS2_32.dll!socket 71AB4211 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009F0F81
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009F0F9C
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009F0FAD
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009F0FCA
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009F00A2
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009F0091
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009F00D8
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009F0F3F
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009F00E9
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009F006C
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009F001B
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009F0F66
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009F0051
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009F002C
.text C:\WINDOWS\system32\svchost.exe[1796] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009F00B3
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009E0FCA
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009E0058
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009E001B
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009E0FE5
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009E003D
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009E000A
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009E0F9B
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BE, 88]
.text C:\WINDOWS\system32\svchost.exe[1796] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009E002C
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009D002C
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!system 77C293C7 5 Bytes JMP 009D0FA1
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009D0011
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009D0FE3
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009D0FBC
.text C:\WINDOWS\system32\svchost.exe[1796] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009D0000
.text C:\WINDOWS\system32\svchost.exe[1796] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\svchost.exe[1796] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\svchost.exe[1796] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 001B0FCA
.text C:\WINDOWS\system32\svchost.exe[1796] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\system32\svchost.exe[1796] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009C0000
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01080FE5
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01080F88
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0108007D
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01080062
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01080FA5
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01080040
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010800A2
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01080F5A
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01080F24
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01080F35
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010800D8
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01080051
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01080FD4
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01080F77
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0108002F
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0108000A
.text C:\WINDOWS\system32\svchost.exe[1916] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010800B3
.text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0107001B
.text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01070062
.text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01070FCA
.text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01070000
.text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01070FA5
.text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01070FE5
.text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0107003D
.text C:\WINDOWS\system32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0107002C
.text C:\WINDOWS\system32\svchost.exe[1916] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01060078
.text C:\WINDOWS\system32\svchost.exe[1916] msvcrt.dll!system 77C293C7 5 Bytes JMP 01060FE3
.text C:\WINDOWS\system32\svchost.exe[1916] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0106002E
.text C:\WINDOWS\system32\svchost.exe[1916] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0106000C
.text C:\WINDOWS\system32\svchost.exe[1916] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01060049
.text C:\WINDOWS\system32\svchost.exe[1916] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0106001D
.text C:\WINDOWS\system32\svchost.exe[1916] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\svchost.exe[1916] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FF001B
.text C:\WINDOWS\system32\svchost.exe[1916] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\svchost.exe[1916] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\system32\svchost.exe[1916] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0105000A
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F3000A
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F30098
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F3007D
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F3006C
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F3005B
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F30FB9
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F300B3
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F30F6B
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F300FA
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F300DF
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F30F46
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F30040
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F30F88
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F30FD4
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F3001B
.text C:\WINDOWS\system32\svchost.exe[2156] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F300CE
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F20FDB
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F2006C
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F2002C
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F2001B
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F20FAF
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F20000
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F20051
.text C:\WINDOWS\system32\svchost.exe[2156] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F20FCA
.text C:\WINDOWS\system32\svchost.exe[2156] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F10053
.text C:\WINDOWS\system32\svchost.exe[2156] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F10FC8
.text C:\WINDOWS\system32\svchost.exe[2156] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F10027
.text C:\WINDOWS\system32\svchost.exe[2156] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F10000
.text C:\WINDOWS\system32\svchost.exe[2156] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F10038
.text C:\WINDOWS\system32\svchost.exe[2156] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F10FE3
.text C:\WINDOWS\system32\svchost.exe[2156] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\system32\svchost.exe[2156] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\svchost.exe[2156] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00F00FCA
.text C:\WINDOWS\system32\svchost.exe[2156] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00F00FB9
.text C:\WINDOWS\explorer.exe[2884] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C0000A
.text C:\WINDOWS\explorer.exe[2884] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\explorer.exe[2884] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BA000C
.text C:\WINDOWS\explorer.exe[2884] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 002B002F
.text C:\WINDOWS\explorer.exe[2884] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 002B0051
.text C:\WINDOWS\explorer.exe[2884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 002B0FDE
.text C:\WINDOWS\explorer.exe[2884] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 002B0014
.text C:\WINDOWS\explorer.exe[2884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 002B0040
.text C:\WINDOWS\explorer.exe[2884] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\explorer.exe[2884] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 002B0F9E
.text C:\WINDOWS\explorer.exe[2884] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [4B, 88]
.text C:\WINDOWS\explorer.exe[2884] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 002B0FC3
.text C:\WINDOWS\explorer.exe[2884] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002C0069
.text C:\WINDOWS\explorer.exe[2884] msvcrt.dll!system 77C293C7 5 Bytes JMP 002C0058
.text C:\WINDOWS\explorer.exe[2884] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002C0022
.text C:\WINDOWS\explorer.exe[2884] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002C0000
.text C:\WINDOWS\explorer.exe[2884] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002C003D
.text C:\WINDOWS\explorer.exe[2884] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002C0011

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat A11CBD20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\Temp\kxnr.tmp 0 bytes

---- EOF - GMER 1.0.15 ----


#9 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:05 PM

Posted 17 May 2010 - 08:11 AM

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#10 pchallenged

pchallenged
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 17 May 2010 - 04:51 PM

Here it is-

ComboFix 10-05-16.02 - Russell S. Givens 05/17/2010 17:23:22.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1511 [GMT -4:00]
Running from: c:\documents and settings\Russell S. Givens\Desktop\ComboFix1.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe

CODE
<pre>
c:\program files\Common Files\Java\Java Update\jusched .exe ---^> c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Dell\QuickSet\quickset .exe ---^> c:\program files\Dell\QuickSet\quickset.exe
c:\program files\QuickTime\qttask                                                                                   .exe ---^> c:\program files\QuickTime\qttask.exe
</pre>

.
Infected copy of c:\windows\system32\DRIVERS\agp440.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-17 21:19 . 2004-08-04 05:07 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2010-05-17 21:19 . 2004-08-04 05:07 42368 ----a-w- c:\windows\system32\dllcache\agp440.sys
2010-05-15 16:24 . 2010-05-15 23:59 -------- d-----w- c:\documents and settings\Russell S. Givens\Local Settings\Application Data\asfqyvnfm
2010-05-14 23:29 . 2010-05-14 23:32 -------- d-----w- c:\program files\trend micro
2010-05-14 23:29 . 2010-05-14 23:29 -------- d-----w- C:\rsit
2010-05-14 02:12 . 2010-05-14 02:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-08 04:32 . 2010-05-08 04:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\cjsmojtsh
2010-05-08 04:22 . 2010-05-08 04:22 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-05-02 14:39 . 2010-05-02 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-02 14:39 . 2010-05-08 14:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-02 14:39 . 2010-05-02 14:39 -------- d-----w- c:\documents and settings\Russell S. Givens\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 21:34 . 2005-01-25 12:02 -------- d-----w- c:\program files\QuickTime
2010-05-16 00:15 . 2010-05-16 00:15 112 ----a-w- c:\documents and settings\All Users\Application Data\7lRL0ux1i.dat
2010-05-15 01:57 . 2008-07-07 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-05-13 21:30 . 2010-05-08 14:13 63488 ----a-w- c:\documents and settings\Russell S. Givens\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-13 21:30 . 2010-05-02 14:40 117760 ----a-w- c:\documents and settings\Russell S. Givens\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-12 02:18 . 2005-01-25 11:49 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-09 23:42 . 2005-01-25 12:04 58632 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-08 04:59 . 2008-11-18 05:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 04:12 . 2007-02-14 23:04 -------- d-----w- c:\program files\McAfee
2010-05-02 17:34 . 2006-04-25 00:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-02 14:40 . 2010-05-02 14:40 52224 ----a-w- c:\documents and settings\Russell S. Givens\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-05-02 12:44 . 2005-01-25 11:32 -------- d-----w- c:\program files\Apoint
2010-04-29 19:39 . 2008-11-18 05:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-11-18 05:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 23:03 . 2008-11-08 02:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-04-25 10:31 . 2009-07-03 09:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-21 20:36 . 2007-02-13 02:02 -------- d-----w- c:\program files\Quicken
2010-04-21 20:30 . 2010-04-21 20:30 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll
2010-04-21 20:29 . 2010-01-10 17:22 243048 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-04-07 20:36 . 2005-01-25 11:43 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 20:34 . 2008-12-11 00:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-07 20:34 . 2005-01-25 11:43 -------- d-----w- c:\program files\Java
2010-03-10 06:15 . 2004-08-04 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 00:45 . 2010-03-10 00:45 2844160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191714-19188.dll
2010-02-25 06:24 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 11:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-18 22:51 . 2010-02-18 22:51 5686272 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19153-191714.dll
2010-02-17 13:10 . 1980-01-01 06:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-17 03:38 . 2010-01-13 02:40 1715576 -c--a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.
CODE
<pre>
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\Apoint\Apoint .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Sonic\Update Manager\sgtray .exe
c:\program files\Creative\MediaSource\RemoteControl\RcMan .exe
c:\program files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet .exe
c:\program files\CyberLink\PowerDVD\DVDLauncher .exe
c:\program files\Dell\Media Experience\DMXLauncher .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\Dell Support Center\gs_agent\custom\dsca .exe
c:\program files\Malwarebytes' Anti-Malware\mbam    .exe
c:\program files\Malwarebytes' Anti-Malware\mbam   .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\Microsoft ActiveSync\wcescomm .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\Windows Media Player\WMPNSCFG .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="" [N/A]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 98304]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [N/A]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [N/A]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset .exe c:\program files\Dell\QuickSet\quickset.exe" [N/A]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [N/A]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [N/A]
"CTDVDDET"="c:\program files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE" [N/A]
"CTSysVol"="c:\program files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe" [2003-07-09 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [N/A]
"RemoteCenter"="" [N/A]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [N/A]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-5-26 113664]
BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-9 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-1-25 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 68168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/4/2008 8:01 PM 206096]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [4/27/2009 6:09 PM 93960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 8:19 PM 24652]
S2 gupdate1c994566da5bc10;Google Update Service (gupdate1c994566da5bc10);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2009 2:58 PM 133104]
S3 FTD2XX;Flashpaq FTD2XX.SYS FT8U2XX device driver;c:\windows\SYSTEM32\DRIVERS\FTD2XX.sys [5/18/2006 11:24 PM 34639]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\SYSTEM32\DRIVERS\sbusb.sys [2/2/2005 8:57 PM 911488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 18:58]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 18:58]

2007-02-14 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-14 16:22]

2009-09-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-14 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/chsi.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/vso9/default.asp?affid=105-36&dtag=d2dyp61
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send To &Bluetooth
Trusted Zone: intuit.com\ttlc
TCP: {01245001-41B5-4E43-A235-AA62BFED03B3} = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
TCP: {B26E239F-072F-42B9-9B88-8054E0925CE9} = 208.67.220.220,208.67.222.222
TCP: {FC3B091B-ECEB-4C78-B31F-571758007ED4} = 208.67.220.220,208.67.222.222
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 17:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = c:\program files\Creative\MediaSource\Detector\CTDetect.exe /R??o?u?r?c?e?\?D?e?t?e?c?t?o?r?\?C?T?D?e?t?e?c?t?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,7d,9c,66,72,0d,1d,46,9d,0e,ad,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,7d,9c,66,72,0d,1d,46,9d,0e,ad,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1040)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(540)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\Dell\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\Dell\BLUETO~1\BTSTAC~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
.
**************************************************************************
.
Completion time: 2010-05-17 17:45:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-17 21:45
ComboFix2.txt 2010-05-13 02:59

Pre-Run: 22,965,551,104 bytes free
Post-Run: 22,957,129,728 bytes free

- - End Of File - - 0C3BAD73C61C0BE606A2E4FC0ECAD22F


#11 pchallenged

pchallenged
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 17 May 2010 - 04:56 PM

During the run, another Internet Explorer shortcut appeared on my desktop. Is that normal?

Also, when I look in c:\Documents and Settings\all Users\Application Data there are two suspect files-
7IRL0ux1i.dat
DESKTOP.INI

The first seems to be associated with the doeR23df.exe virus files that would re-appear after cleaning, and the second was never there before. Should I be concerned?

Edited by pchallenged, 17 May 2010 - 05:03 PM.


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:05 PM

Posted 17 May 2010 - 06:54 PM

Hi,

there are a couple more things left, that need to be fixed actually:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
File::
c:\documents and settings\All Users\Application Data\7lRL0ux1i.dat
Folder::
c:\documents and settings\Russell S. Givens\Local Settings\Application Data\asfqyvnfm
c:\documents and settings\NetworkService\Local Settings\Application Data\cjsmojtsh
RenV::
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\Apoint\Apoint .exe
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Sonic\Update Manager\sgtray .exe
c:\program files\Creative\MediaSource\RemoteControl\RcMan .exe
c:\program files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet .exe
c:\program files\CyberLink\PowerDVD\DVDLauncher .exe
c:\program files\Dell\Media Experience\DMXLauncher .exe
c:\program files\Dell Support Center\bin\sprtcmd .exe
c:\program files\Dell Support Center\gs_agent\custom\dsca .exe
c:\program files\Malwarebytes' Anti-Malware\mbam    .exe
c:\program files\Malwarebytes' Anti-Malware\mbam   .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\McAfee.com\Agent\mcagent .exe
c:\program files\Microsoft ActiveSync\wcescomm .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\Windows Media Player\WMPNSCFG .exe
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Desktop.ini is a Windows file which is normally hidden. ComboFix automatically unhides files, we will rehide them at the end of the cleaning.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 pchallenged

pchallenged
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 17 May 2010 - 07:22 PM

Here you go-

ComboFix 10-05-16.02 - Russell S. Givens 05/17/2010 20:03:51.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1506 [GMT -4:00]
Running from: c:\documents and settings\Russell S. Givens\Desktop\ComboFix1.exe
Command switches used :: c:\documents and settings\Russell S. Givens\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\All Users\Application Data\7lRL0ux1i.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\7lRL0ux1i.dat
c:\documents and settings\NetworkService\Local Settings\Application Data\cjsmojtsh
c:\documents and settings\Russell S. Givens\Local Settings\Application Data\asfqyvnfm

.
((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-17 21:19 . 2004-08-04 05:07 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2010-05-17 21:19 . 2004-08-04 05:07 42368 ----a-w- c:\windows\system32\dllcache\agp440.sys
2010-05-14 23:29 . 2010-05-14 23:32 -------- d-----w- c:\program files\trend micro
2010-05-14 23:29 . 2010-05-14 23:29 -------- d-----w- C:\rsit
2010-05-14 02:12 . 2010-05-14 02:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-08 04:22 . 2010-05-08 04:22 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-05-02 14:39 . 2010-05-02 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-02 14:39 . 2010-05-08 14:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-02 14:39 . 2010-05-02 14:39 -------- d-----w- c:\documents and settings\Russell S. Givens\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 00:09 . 2006-04-25 00:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-18 00:03 . 2005-01-25 11:49 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-18 00:03 . 2008-11-18 05:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 00:03 . 2005-01-25 11:32 -------- d-----w- c:\program files\Apoint
2010-05-17 21:34 . 2005-01-25 12:02 -------- d-----w- c:\program files\QuickTime
2010-05-15 01:57 . 2008-07-07 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-05-13 21:30 . 2010-05-08 14:13 63488 ----a-w- c:\documents and settings\Russell S. Givens\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-13 21:30 . 2010-05-02 14:40 117760 ----a-w- c:\documents and settings\Russell S. Givens\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-09 23:42 . 2005-01-25 12:04 58632 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-08 04:12 . 2007-02-14 23:04 -------- d-----w- c:\program files\McAfee
2010-05-02 14:40 . 2010-05-02 14:40 52224 ----a-w- c:\documents and settings\Russell S. Givens\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-29 19:39 . 2008-11-18 05:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-11-18 05:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 23:03 . 2008-11-08 02:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-04-25 10:31 . 2009-07-03 09:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-21 20:36 . 2007-02-13 02:02 -------- d-----w- c:\program files\Quicken
2010-04-21 20:30 . 2010-04-21 20:30 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll
2010-04-21 20:29 . 2010-01-10 17:22 243048 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-04-07 20:36 . 2005-01-25 11:43 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 20:34 . 2008-12-11 00:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-07 20:34 . 2005-01-25 11:43 -------- d-----w- c:\program files\Java
2010-03-10 06:15 . 2004-08-04 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 00:45 . 2010-03-10 00:45 2844160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191714-19188.dll
2010-02-25 06:24 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 11:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-18 22:51 . 2010-02-18 22:51 5686272 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19153-191714.dll
2010-02-17 13:10 . 1980-01-01 06:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-17 03:38 . 2010-01-13 02:40 1715576 -c--a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.
CODE
<pre>
c:\program files\McAfee.com\Agent\mcagent .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="" [N/A]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 98304]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset .exe c:\program files\Dell\QuickSet\quickset.exe" [N/A]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"CTDVDDET"="c:\program files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"CTSysVol"="c:\program files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe" [2003-07-09 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [N/A]
"RemoteCenter"="" [N/A]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-5-26 113664]
BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-9 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-1-25 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 68168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/4/2008 8:01 PM 206096]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [4/27/2009 6:09 PM 93960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 8:19 PM 24652]
S2 gupdate1c994566da5bc10;Google Update Service (gupdate1c994566da5bc10);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2009 2:58 PM 133104]
S3 FTD2XX;Flashpaq FTD2XX.SYS FT8U2XX device driver;c:\windows\SYSTEM32\DRIVERS\FTD2XX.sys [5/18/2006 11:24 PM 34639]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\SYSTEM32\DRIVERS\sbusb.sys [2/2/2005 8:57 PM 911488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 18:58]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 18:58]

2007-02-14 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-14 16:22]

2009-09-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-14 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/chsi.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/vso9/default.asp?affid=105-36&dtag=d2dyp61
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send To &Bluetooth
Trusted Zone: intuit.com\ttlc
TCP: {01245001-41B5-4E43-A235-AA62BFED03B3} = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
TCP: {B26E239F-072F-42B9-9B88-8054E0925CE9} = 208.67.220.220,208.67.222.222
TCP: {FC3B091B-ECEB-4C78-B31F-571758007ED4} = 208.67.220.220,208.67.222.222
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 20:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = c:\program files\Creative\MediaSource\Detector\CTDetect.exe /R??o?u?r?c?e?\?D?e?t?e?c?t?o?r?\?C?T?D?e?t?e?c?t?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,7d,9c,66,72,0d,1d,46,9d,0e,ad,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,7d,9c,66,72,0d,1d,46,9d,0e,ad,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(1468)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Dell\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\Dell\BLUETO~1\BTSTAC~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-05-17 20:20:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-18 00:20
ComboFix2.txt 2010-05-17 21:45
ComboFix3.txt 2010-05-13 02:59

Pre-Run: 22,915,198,976 bytes free
Post-Run: 22,886,608,896 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6500D429076DBDEFB992F84A56EC641C


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:05 PM

Posted 17 May 2010 - 07:27 PM

Hi,

it seems we need to run one more script:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
RenV::
c:\program files\McAfee.com\Agent\mcagent .exe


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 pchallenged

pchallenged
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:02:05 PM

Posted 17 May 2010 - 07:51 PM

Here it is:

ComboFix 10-05-16.02 - Russell S. Givens 05/17/2010 20:32:59.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1522 [GMT -4:00]
Running from: c:\documents and settings\Russell S. Givens\Desktop\ComboFix1.exe
Command switches used :: c:\documents and settings\Russell S. Givens\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-17 21:19 . 2004-08-04 05:07 42368 ----a-w- c:\windows\system32\drivers\agp440.sys
2010-05-17 21:19 . 2004-08-04 05:07 42368 ----a-w- c:\windows\system32\dllcache\agp440.sys
2010-05-14 23:29 . 2010-05-14 23:32 -------- d-----w- c:\program files\trend micro
2010-05-14 23:29 . 2010-05-14 23:29 -------- d-----w- C:\rsit
2010-05-14 02:12 . 2010-05-14 02:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-08 04:22 . 2010-05-08 04:22 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-05-02 14:39 . 2010-05-02 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-02 14:39 . 2010-05-08 14:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-02 14:39 . 2010-05-02 14:39 -------- d-----w- c:\documents and settings\Russell S. Givens\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 00:09 . 2006-04-25 00:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-18 00:03 . 2005-01-25 11:49 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-05-18 00:03 . 2008-11-18 05:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 00:03 . 2005-01-25 11:32 -------- d-----w- c:\program files\Apoint
2010-05-17 21:34 . 2005-01-25 12:02 -------- d-----w- c:\program files\QuickTime
2010-05-15 01:57 . 2008-07-07 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-05-13 21:30 . 2010-05-08 14:13 63488 ----a-w- c:\documents and settings\Russell S. Givens\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-13 21:30 . 2010-05-02 14:40 117760 ----a-w- c:\documents and settings\Russell S. Givens\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-09 23:42 . 2005-01-25 12:04 58632 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-08 04:12 . 2007-02-14 23:04 -------- d-----w- c:\program files\McAfee
2010-05-02 14:40 . 2010-05-02 14:40 52224 ----a-w- c:\documents and settings\Russell S. Givens\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-29 19:39 . 2008-11-18 05:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2008-11-18 05:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 23:03 . 2008-11-08 02:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-04-25 10:31 . 2009-07-03 09:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-21 20:36 . 2007-02-13 02:02 -------- d-----w- c:\program files\Quicken
2010-04-21 20:30 . 2010-04-21 20:30 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll
2010-04-21 20:29 . 2010-01-10 17:22 243048 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-04-07 20:36 . 2005-01-25 11:43 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 20:34 . 2008-12-11 00:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-07 20:34 . 2005-01-25 11:43 -------- d-----w- c:\program files\Java
2010-03-10 06:15 . 2004-08-04 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 00:45 . 2010-03-10 00:45 2844160 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191714-19188.dll
2010-02-25 06:24 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 11:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-18 22:51 . 2010-02-18 22:51 5686272 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19153-191714.dll
2010-02-17 13:10 . 1980-01-01 06:00 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-17 03:38 . 2010-01-13 02:40 1715576 -c--a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
.
CODE
<pre>
c:\program files\McAfee.com\Agent\mcagent .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="" [N/A]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 98304]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset .exe c:\program files\Dell\QuickSet\quickset.exe" [N/A]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"CTDVDDET"="c:\program files\Creative\USB SBAudigy2 NX\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"CTSysVol"="c:\program files\Creative\USB SBAudigy2 NX\Surround Mixer\CTSysVol.exe" [2003-07-09 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [N/A]
"RemoteCenter"="" [N/A]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-5-26 113664]
BTTray.lnk - c:\program files\Dell\Bluetooth Software\BTTray.exe [2004-4-9 561213]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-1-25 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Dell Inc\\Dell Picture Studio v3.0\\launch.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\SYSTEM32\\spoolsv.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 68168]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/4/2008 8:01 PM 206096]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [4/27/2009 6:09 PM 93960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 8:19 PM 24652]
S2 gupdate1c994566da5bc10;Google Update Service (gupdate1c994566da5bc10);c:\program files\Google\Update\GoogleUpdate.exe [2/21/2009 2:58 PM 133104]
S3 FTD2XX;Flashpaq FTD2XX.SYS FT8U2XX device driver;c:\windows\SYSTEM32\DRIVERS\FTD2XX.sys [5/18/2006 11:24 PM 34639]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\SYSTEM32\DRIVERS\sbusb.sys [2/2/2005 8:57 PM 911488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 18:58]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 18:58]

2007-02-14 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-14 16:22]

2009-09-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-14 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/chsi.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/vso/en-us/vso9/default.asp?affid=105-36&dtag=d2dyp61
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Send To &Bluetooth
Trusted Zone: intuit.com\ttlc
TCP: {01245001-41B5-4E43-A235-AA62BFED03B3} = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
TCP: {B26E239F-072F-42B9-9B88-8054E0925CE9} = 208.67.220.220,208.67.222.222
TCP: {FC3B091B-ECEB-4C78-B31F-571758007ED4} = 208.67.220.220,208.67.222.222
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-17 20:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = c:\program files\Creative\MediaSource\Detector\CTDetect.exe /R??o?u?r?c?e?\?D?e?t?e?c?t?o?r?\?C?T?D?e?t?e?c?t?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,7d,9c,66,72,0d,1d,46,9d,0e,ad,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,67,7d,9c,66,72,0d,1d,46,9d,0e,ad,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(1720)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\Dell\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\progra~1\Dell\BLUETO~1\BTSTAC~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
.
**************************************************************************
.
Completion time: 2010-05-17 20:49:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-18 00:49
ComboFix2.txt 2010-05-18 00:20
ComboFix3.txt 2010-05-17 21:45
ComboFix4.txt 2010-05-13 02:59

Pre-Run: 22,882,484,224 bytes free
Post-Run: 22,854,311,936 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B2C0011C101BA41FFAB2292DAC2D8DEC





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users